Hylite

Privacy Policy

Last Updated: February 10, 2026

Hylite is operated by an individual developer based in Sweden.

This Privacy Policy explains how Hylite ("we", "us", or "our") collects, uses, and protects your personal information when you use our clip monitoring service.

For the purposes of data protection laws, Hylite acts as the data controller for the personal information described in this policy.

1. Information We Collect

Account Information

When you sign in with Google, we collect:

  • Email address (verified only)
  • Full name (if provided in your Google profile)
  • Profile picture URL (if provided in your Google profile)
  • Google unique identifier (used to link your account)

We do not store your Google password. Authentication is handled entirely by Google.

Usage Information

When you use our service, we collect:

  • Streamers you choose to monitor (Twitch/Kick usernames)
  • Clips you save or hide
  • Clips you view or open (timestamps recorded)
  • Session information (login sessions, expiration times)

Public Platform Data

We fetch and temporarily store public information from Twitch and Kick, including:

  • Streamer display names, avatars, and game categories
  • Clip metadata (titles, URLs, thumbnails, view counts, durations)
  • Stream status (live/offline, viewer counts)

This information is publicly available on Twitch and Kick. While some of this data may be associated with individual creators, we only process it to provide the service and display clips.

Technical Information

We automatically collect:

  • Session cookies (for authentication)
  • Server logs (API requests, errors, performance metrics)
  • Rate limiting data (if configured, stored temporarily)

2. How We Use Your Information

We use your information to:

  • Provide the service: Monitor streamers, detect clip activity, and surface relevant clips
  • Authenticate you: Verify your identity and maintain your session
  • Personalize your experience: Remember your monitored streamers and saved clips
  • Improve the service: Analyze usage patterns and fix bugs
  • Prevent abuse: Rate limit requests and detect suspicious activity

We do not sell your personal data to third parties or use it for advertising purposes.

3. Cookies and Tracking

Essential Cookies

We use the following cookies to operate the service:

  • hylite_session: Maintains your login session (expires after 30 days)
  • oauth_state: Temporary cookie for secure Google login (expires after 10 minutes)

These cookies are essential for the service to function and are set as httpOnly and secure (in production).

No Third-Party Tracking

We do not use:

  • Analytics cookies (Google Analytics, etc.)
  • Advertising cookies
  • Social media tracking pixels
  • Third-party tracking scripts

4. Third-Party Services

We share data with the following third parties to provide the service:

Google (Authentication)

We use Google OAuth for authentication. When you sign in, Google provides us with your email, name, and profile picture (if you consent). Google's use of your information is governed by their Privacy Policy.

Twitch and Kick (Platform APIs)

We query Twitch and Kick APIs to fetch public streamer and clip data. These platforms may log our API requests. Their privacy policies govern their data practices:

Hosting and Infrastructure

We use third-party hosting providers to store and process data. These providers may have access to your data as part of their services. We ensure they maintain appropriate security measures.

If configured, we may use Upstash Redis for caching and rate limiting (data stored temporarily, typically 30 seconds to 15 minutes).

5. Data Retention

Account Data

We retain your account information, monitored streamers, and saved clips until you request deletion.

Session Data

Login sessions expire after 30 days of inactivity. Expired sessions are automatically deleted.

Temporary Data

Cached data (stream status, API responses) is stored temporarily (30-120 seconds) and automatically expires.

Server Logs

Server logs may be retained by our hosting provider for operational purposes, typically 7-30 days.

6. Your Rights

You have the following rights regarding your personal data:

Access

You can view your account information, monitored streamers, and saved clips at any time through the dashboard.

Correction

Your name and profile picture are synced from your Google account. Update your Google profile to change this information.

Deletion

You can remove monitored streamers, unsave clips, or unhide clips at any time. To delete your entire account and all associated data, please contact us at [email protected].

Data Export

To request a copy of your data in a portable format, contact us at [email protected].

Withdraw Consent

You can log out at any time to end your session. To withdraw consent entirely, delete your account by contacting us.

7. Data Security

We take reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit: All data is transmitted over HTTPS/TLS
  • Encryption at rest: Database encryption is managed by our hosting provider
  • Secure authentication: Google OAuth with PKCE (Proof Key for Code Exchange)
  • Session security: HttpOnly, secure cookies with 30-day expiration
  • Rate limiting: Protection against abuse and automated attacks
  • No password storage: We never store passwords (authentication delegated to Google)

8. International Data Transfers

Your data is primarily stored and processed on servers located within the European Union. Some third-party services we use (such as Google for authentication or platform APIs) may process data outside the EU. When this occurs, we rely on appropriate safeguards required by applicable data protection laws.

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [email protected]

For general support inquiries, visit our Support page.

12. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

  • Consent: Where required, we rely on your consent, such as when you choose to sign in with a third-party provider like Google.
  • Contractual necessity: Processing is necessary to provide the service you requested, such as authentication, monitoring streamers, and saving clips.
  • Legitimate interests: We process certain data to improve the service, prevent abuse, and ensure security.

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.